Access Control and Audit of High Risk Users
The Challenge
“86% of insider attacks were either by previous or current full-time employees in a technical position or high-risk users within the organization.” From Insider Threat Study, CERT.
A high-risk user has a high degree of technical knowledge and can circumvent controls. Such users require privileged access to do their jobs efficiently, using powerful access tools such as SSH, Telnet, RDP and VNC.
High-risk users work across the entire heterogeneous infrastructure and are driven by the need to maintain a high level of operational efficiency, which can weaken security controls if mishandled.
These privileged accounts are often neglected because their session activities are difficult to monitor. Misuse tends to go undetected, and investigations are often incomplete due to insufficient resolution in the audit trails. It is therefore crucial to secure, audit, track and manage these privileged accounts and sessions. Access to a specific device should only be granted upon a legitimate request and purpose, to prevent unauthorized access and to satisfy audit requirements.
The Solution
A centralized system to govern and track all users accessing the organization's infrastructure resources. This system should act as a gatekeeper for all users: access should be granted only to the specific resources a user needs, based on management approval and the requirements of the tasks to be carried out.
Apart from governing access control for high-risk users, it is also crucial for the organization to have a clear view and record of all these users' activities, to comply with audit and compliance requirements such as PCI, SOX, GLBA and/or HIPAA.
- One single management system: The centralized authorization and management system should cover all infrastructure resources, from Windows and Unix servers to network devices and any other critical devices found in a typical organization. This eases deployment and the management of policies.
- Zero footprint access: No user, including high-risk users, should be granted any physical footprint on the network. No client installation is required, so there is no possibility of virus propagation or of unauthorized copying and printing of sensitive documents.
- Tracking and logging: All command-line activity should be monitored, recorded and archived for audit purposes. Such logging and tracking should extend to graphical session recording (RDP and VNC), allowing all remote high-risk user activity to be recorded and policy violations to be bookmarked.
- Compartmentalization: Provide integrated applets that allow policy to restrict users to fine-grained compartments and limit visibility to authorized areas.
- Containment: High-risk users should be monitored and controlled by a whitelist/blacklist approach at the server or command-line level to prevent them from leaving authorized areas, i.e. from traversing between their authorized work areas and other areas of the IT infrastructure.
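As an added illustration of the gatekeeper, compartmentalization, containment and tracking principles above (example code, not from the original page or any product it describes), the following hypothetical Python policy check decides whether a high-risk user may run a command on a host using management-approved grants with per-host allow/deny lists, and writes an audit record for every decision. The users, hostnames, ticket references and command lists are constructed sample data.

```python
"""Hypothetical central gatekeeper check for privileged sessions (illustrative only)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import json


@dataclass
class Grant:
    """An approved access request: who may reach which host, under which approval."""
    user: str
    host: str
    ticket: str                                   # approval reference (constructed)
    allowed_commands: set = field(default_factory=set)   # compartment: only these
    denied_commands: set = field(default_factory=set)    # containment: never these


# Constructed sample grants, as produced by a management approval workflow.
GRANTS = [
    Grant("alice", "db-01", "CHG-1001", allowed_commands={"psql", "pg_dump"}),
    Grant("bob", "web-03", "CHG-1002", denied_commands={"scp", "curl", "wget"}),
]

# Audit trail: one JSON line per decision, permitted or not.
AUDIT_LOG: list = []


def check(user: str, host: str, command_line: str) -> bool:
    """Return True if the command line is permitted; always append an audit record."""
    tokens = command_line.split()
    program = tokens[0] if tokens else ""
    grant = next((g for g in GRANTS if g.user == user and g.host == host), None)
    if grant is None:
        decision, reason = False, "no approved grant for host"
    elif not program:
        decision, reason = False, "empty command line"
    elif grant.allowed_commands and program not in grant.allowed_commands:
        decision, reason = False, "command not on allow list"
    elif program in grant.denied_commands:
        decision, reason = False, "command on deny list"
    else:
        decision, reason = True, "permitted by " + grant.ticket
    AUDIT_LOG.append(json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "host": host, "command": command_line,
        "allowed": decision, "reason": reason,
    }))
    return decision
```

In a real deployment the decision would be enforced by the session broker in front of SSH/RDP/VNC and the audit lines shipped to tamper-evident storage rather than kept in memory.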